itlawwikiaorg-20200214-history
E-mail
Definition E-mail (an acronym for E'''lectronic '''Mail) is the application that initially popularized the Internet. It allows a user to type in one or more e-mail addresses, compose a message, and send it to another user or a group of users. History "Email is a core application of large-scale computer networking and has been such since the early days of Internet development. In those early days, networking was a collegial, research-oriented enterprise. Security was not a consideration. The past forty years have seen diversity in applications operated over the Internet, and worldwide adoption of email by research organizations, governments, militaries, businesses and individuals. At the same time there has been and associated increase in criminal and nuisance threats."NIST Special Publication 800-177, at v. Overview How e-mail works E-mail can be generated by different devices and methods but, most commonly, a user composes the message on her own computer and then sends it off to her mail server. At this point the user's computer is finished with the job, but the mail server still has to deliver the message. A mail server is like an electronic post office — it sends and receives electronic mail. Most of the time, the mail server is separate from the computer where the e-mail was composed. The sender's mail server delivers the message by finding the recipient's mail server and forwards the message to that location. The message then resides on that second mail server and is available to the recipient. The software program used to compose and read the e-mail message is sometimes referred to as the e-mail client. Depending on how the recipient’s e-mail client is configured, a copy of the message could be found on the recipient’s computer, another electronic device such as an all-in-one telephone or PDA, and/or the mail server or its backup tapes. A copy of the message may also be found on the sender’s computer (in the “sent” box or trash), or on the sender’s mail server or its backup tapes. As the message travels through the communications network, an abbreviated record of the e-mai]] is routed through one or more mail servers, each server adds its own information to the message header. Basic components of an e-mail Various methods are used for creating and sending an e-mail message. The appearance of an e-mail message depends on the device or software program used. However, a message typically has a header and a body and may also have attachments. The e-mail header contains addressing information and the route that an e-mail takes from sender to receiver. The body contains the content of the communication. Attachments may be any type of file such as pictures, documents, sound, and video. When initially viewing an e-mail message, only a small portion of the e-mail header may be displayed. This usually is information put into the message by the sender, as represented in the following image. However, the e-mail message depicted in above does not display all of the available information. Additional information associated with the e-mail may be obtained by looking at the header in more detail, which can be done in different ways depending on the software program being used. In the example below, the originating IP address is 165.247.94.223. The journey of the message can usually be reconstructed by reading the e-mail header from bottom to top. As the message passes through additional mail servers, the mail server will add its information above the previous information in the header. The e-mail header is composed of two general areas, the envelope header and the message header. The envelope header contains information added to the header by the mail servers that receive the message during the journey. The “Received:” lines and the Message-ID line are the main components of the envelope header and are generally more difficult to spoof. In the following example, lines 9 through 12 are part of the envelope header. The message header contains information added to the header by the user’s e-mail client. This is generally user-created information and is the easiest to spoof. It contains the To:, From:, Return-Path:, Subject:, Content-Type:, and the first Date and time. In the following example, lines 2 though 8 are part of the message header. Security "The Internet's underlying e-mail protocol was adopted in 1982 and can still be deployed and operated today. However, this protocol is susceptible to a wide range of attacks including man-in-the-middle content modification and content surveillance. The basic standards have been modified and augmented over the years with adaptations that mitigate these threats. With spoofing protection, content modification protection, encryption and authentication, properly implemented email can be regarded as sufficiently secure for government, financial and medical communications."NIST Special Publication 800-177, at v. "Threats to the core email infrastructure functions can be classified as follows: * Integrity-related threats to the email system, which could result in unauthorized access to an enterprises' email system. * Confidentiality-related threats to email, which could result in unauthorized disclosure of sensitive information. * Availability-related threats to the email system, which could prevent end users from being able to send or receive email."Id. at 13. Privacy Computer users do not have an objectively reasonable expectation of privacy in envelope header information on e-mails.See Quon v. Arch Wireless Operating Co., 529 F.3d 892, 904-05 (9th Cir. 2008) (full-text), rev'd on other grounds and remanded, City of Ontario, Cal. v. Quon, 560 U.S. 746 (2010) (full-text); United States v. Forrester, 512 F.3d 500, 510-11 (9th Cir. 2008); cf. Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (no legitimate expectation of privacy in dialing, routing, addressing, and signaling information transmitted to telephone companies). References See also * E-mail address * E-mail application * E-mail attachment * E-mail bomb * E-mail campaign * E-mail client * E-mail distribution list * E-mail generator * E-mail interception * E-mail list * E-mail protocol * E-mail server * E-mail service * E-mail service provider * E-mail spoofing * E-mail system * E-mail thread * Emailer * Email account * Email attachment * Email bombing * Email forwarding * Email redirector * Email Sender and Provider Coalition * Email social engineering attack * Hoax email * Marketing e-mail * Spam * Transactional e-mail * Unsolicited commercial electronic mail Category:Internet Category:E-mail